计算机科学 ›› 2018, Vol. 45 ›› Issue (11): 160-163.doi: 10.11896/j.issn.1002-137X.2018.11.024

• 信息安全 • 上一篇    下一篇

基于能力度量的网络安全实验环境多仿真规划

曾子懿, 邱菡, 朱俊虎, 周天阳   

  1. (战略支援部队信息工程大学 郑州450001)
    (国家数字交换系统工程技术研究中心 郑州450001)
  • 收稿日期:2018-07-09 发布日期:2019-02-25
  • 作者简介:曾子懿(1989-),男,博士生,主要研究方向为网络建模仿真、网络空间安全,E-mail:zyzeng7@163.com;邱 菡(1981-),女,博士,副教授,主要研究方向为网络空间安全、网络安全行为建模与评估,E-mail:qiuhan410@aliyun.com(通信作者);朱俊虎(1974-),男,博士,教授,主要研究方向为网络空间安全;周天阳(1979-),男,博士生,副教授,主要研究方向为网络空间安全。
  • 基金资助:
    本文受国家自然科学基金(61502528)资助。

Network Security Experiment Environment Multi-emulation Planning Based on Capability Measurement

ZENG Zi-yi, QIU Han, ZHU Jun-hu, ZHOU Tian-yang   

  1. (Information Engineering University,Zhengzhou 450001,China)
    (National Digital Switching System Engineering & Technological Research Center,Zhengzhou 450001,China)
  • Received:2018-07-09 Published:2019-02-25

摘要: 多种仿真技术的融合使用可为网络安全实验环境的构建提供灵活的资源分配,其难点在于如何兼顾逼真度需求。针对该问题,文中提出了一种“按需分配”的多仿真规划方法。首先,以仿真能力定义逼真度需求,将复杂、抽象、无结构化的需求表示为简单、具体、结构化的形式;接着,给出了一种基于默认拒绝策略的逼真度需求满足性判定准则以及一种基于贪心策略的多仿真方案求解算法。在蠕虫样本传播的仿真环境构建实验中,运用该方法求解的仿真方案可在满足逼真度需求的条件下取得最小的仿真代价。

关键词: 逼真度需求刻画, 多仿真规划, 能力度量, 贪心策略

Abstract: The combined usage of multiple emulation technologies can provide flexible resource allocation for construction of experimental environment for network security.Its difficulty lies in how to balance the fidelity requirements.A multi-emulation planning method based on “distribution on demand” was proposed for this problem.Firstly,the emulation capability is used to define the fidelity requirement,and then the complex,abstract and unstructured requirements are represented as simple,concrete and structured forms.Secondly,a fidelity satisfaction decision criterion based on default rejection strategy and a multi-emulation scheme solving algorithm based on greedy strategy are given.In the expe-riment of emulation environment construction of worm sample propagation,the emulation scheme solved by this method can obtain the minimum emulation cost under the condition of satisfying the fidelity requirement.

Key words: Capability measurement, Fidelity requirement representation, Greedy strategy, Multi-emulation planning

中图分类号: 

  • 393.01
[1]ALKHATHAMI M,ALAZZAWI L,ELKATEEB A.Large Scale Border Security Systems Modeling and Simulation with OPNET [C]∥Computing and Communication Workshop and Conference (CCWC).IEEE,2017:1-8.
[2]MEHIC M,MAURHART O,RASS S,et al.Implementation of Quantum Key Distribution Network Simulation Module in the Network Simulator NS-3 [J].Quantum Information Proces-sing,2017,16(10):253.
[3]ORGERIE A C,ASSUNCAO M D,LEFEVRE L.A Survey on Techniques for Improving the Energy Efficiency of Large-scale Distributed Systems[J].ACM Computing Surveys,2014,46(4):1-31.
[4]BOETTIGER C.An introduction to Docker for reproducible research.ACM SIGOPS Operating Systems Review,2015, 49(1):71-79.
[5]LUBKE R,BUSCHEL P,SCHUSTER D,et al.Measuring Accuracy and Performance of Network Emulators [C]∥2014 IEEE International Black Sea Conference on Communications and Networking (BlackSeaCom).IEEE,2014:63-65.
[6]MIJUMBI R,SERRAT J,GORRICHO J L,et al.Network Function Virtualization:State-of-the-art and Research Challenges [J].IEEE Communications Surveys & Tutorials,2016,18(1):236-262.
[7]FANG B X,JIA Y,LI A P,et al.Cyber Ranges:State-of-the-art and Research Challenges [J].Journal of Cyber Security,2016,1(3):1-9.(in Chinese)
方滨兴,贾焰,李爱平,等.网络空间靶场技术研究[J].信息安全学报,2016,1(3):1-9.
[8]YANG R,LIU Y K.Simulation Fidelity Theory and Measurement:A Literature Review [J].System Simulation Technology,2014,10(2):85-89.(in Chinese)
杨蓉,刘玉坤.建模与仿真逼真度理论与方法研究综述[J].系统仿真技术,2014,10(2):85-89.
[9]SIATERLIS C,GARCIA A P,GENGE B.On the Use of Emulab Testbeds for Scientifically Rigorous Experiments [J].IEEE Communications Surveys & Tutorials,2013,15(2):929-942.
[10]WROCLAWSKI J,BENZEL T,BLYTHE J,et al.DETERLab and the DETER Project [M]∥The GENI Book.Springer International Publishing,2016:35-62.
[11]ROZA Z C.Simulation Fidelity Theory and Practice [D].Netherlands:TU Delft,2005.
[12]GARDENGHI L,GOLDWEBER M,DAVOLI R.View-os:A New Unifying Approach against the Global View Assumption [C]∥International Conference on Computational Science(ICCS 2008).2008:287-296.
[13]SHUJA J,GANI A,BILAL K,et al.A Survey of Mobile Device Virtualization:Taxonomy and State of the Art [J].ACM Computing Surveys,2016,49(1):1.
[14]DETER T.Building Apparatus for Multi-resolution Networking Experiments Using Containers:ISI-TR-683[R].2011.
[1] 李晓东, 於志勇, 黄昉菀, 朱伟平, 涂淳钰, 郑伟楠.
面向河道环境监测的群智感知参与者选择策略
Participant Selection Strategies Based on Crowd Sensing for River Environmental Monitoring
计算机科学, 2022, 49(5): 371-379. https://doi.org/10.11896/jsjkx.210200005
[2] 李昭,赵一,梁鹏,何克清.
基于MFI的企业业务模型互操作能力度量方法研究
MFI Based Interoperability Measurement of Business Models in Enterprises
计算机科学, 2015, 42(Z11): 479-485.
[3] 贺毅朝,田海燕,张新禄,高锁刚.
基于相邻矩阵快速构建虚拟主干网的近似算法
Fast Approximation Algorithm Based on Adjacent Matrix for Construction Virtual Backbone
计算机科学, 2012, 39(3): 83-87.
[4] 陈端兵 黄文奇.
一种求解集合覆盖问题的启发式算法

计算机科学, 2007, 34(4): 133-136.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!